Vulnerability Development mailing list archives

Re: Blue Boar - Reported Kazaa and Morpheus vulnerabilities


From: "b0iler _" <b0iler () hotmail com>
Date: Tue, 05 Feb 2002 20:14:11 -0700

Re: Author:Blue Boar <blueboar () thievco com>

Well, I think that's what the original poster was getting at.  Anyone
here tried the usual .. bugs and so on?  (Either successfully or not,
we'd like to know.)

I found this HTTP server deal out on my own a few months back, then checked up on it and found a Bugtraq posting about it. Coded up a quick Perl scanner to check for autoexec.bat and then wrote a funny little article on it for my website. It is a shame Slashdot/BBC posted the "exploit" as news and some group (2600?) claims they found it or whatever, yet they don't know what is causing it and they say it happens to some people and not to others for no reason (LOL). After my scanner I tried the regular directory traversal tricks, ../, URL encoding, guessing the algo for the random virtual directories/paths to the files, ip:1214/./../../, ip:1214/.\./.\./, and all that good stuff with no success. I should note that I didn't try ... which brings win to root dir, but I don't think Morpheus works on a real file system - the directories are virtual so there is no way of getting files that aren't shared.

Just my .02, but it looks fairly secure from any method I am aware of. Sorry I did not read the other posts in this thread, so some of this post might be redundant.

http://b0iler.advknowledge.net
or for the article regarding Morpheus users sharing files/Morpheus webserver:
http://www.eccentrix.com/education/b0iler/tutorials/idotsofp2p.htm
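
The message above contrasts a server that works on a real file system with one whose directories are virtual. The sketch below is an added example, not part of the original post and not Morpheus or Kazaa code: it compares a file-system join with a share-table lookup on the request shapes the post lists. The share table, paths, and function names are all constructed assumptions; the page does not document how the client actually maps paths.

```python
import posixpath
from urllib.parse import unquote

# Constructed data: hypothetical share root and virtual-path table.
SHARE_ROOT = "/srv/shared"
SHARES = {
    "/a91f/song.mp3": "/srv/shared/song.mp3",
    "/77c2/notes.txt": "/srv/shared/notes.txt",
}

def naive_resolve(url_path):
    """File-system style: decode the request and join it onto the share root."""
    decoded = unquote(url_path).replace("\\", "/")
    return posixpath.normpath(posixpath.join(SHARE_ROOT, decoded.lstrip("/")))

def escapes_root(real_path):
    """Containment check a file-system-backed server needs after normalising."""
    return not (real_path == SHARE_ROOT or real_path.startswith(SHARE_ROOT + "/"))

def virtual_resolve(url_path):
    """Table style: the request is an opaque key, never interpreted as a path."""
    return SHARES.get(url_path)  # None means "not shared" (404)

# Request shapes named in the post, used here as test inputs for both resolvers.
PROBES = [
    "/../autoexec.bat",
    "/%2e%2e/autoexec.bat",
    "/./../../autoexec.bat",
    "/.\\./.\\./autoexec.bat",
]

def audit(probes):
    """Return (probe, naive target, naive escapes root?, table result) per probe."""
    rows = []
    for p in probes:
        target = naive_resolve(p)
        rows.append((p, target, escapes_root(target), virtual_resolve(p)))
    return rows

if __name__ == "__main__":
    for probe, target, escaped, table_hit in audit(PROBES):
        print(f"{probe!r:28} naive -> {target!r:24} escapes={escaped} table={table_hit}")
```

With a table lookup, no amount of encoding or dot-segment variation changes the outcome, because nothing outside the table is reachable; a server that does join onto a real directory has to normalise first and then reject anything `escapes_root` flags.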




